Software Licensing – How to Track Third-Party Software Licenses

licensing, third-party-libraries

How do you track licenses for third-party libraries that you use in your software? How did you vet the licenses? Sometimes licenses change or libraries switch licenses–how do you stay up to date?

At the moment I've got an Excel spreadsheet with worksheets for third-party software, licenses, and the projects we use them on (organized like a relational database). It seems to work OK, but I think it will go out-of-date pretty quickly.

Best Answer

This is a great opportunity for cooperation between Engineering and Legal. All third-party software should be cleared by Legal prior to coding (or risk coding it out later... or worse); and while you're at it, let Legal track the licenses and how they're used!

Spreadsheets and databases work with small volumes, but they are not scalable solutions. Many companies do a periodic code scan to audit third-party license use in their products, but this is much riskier and more expensive than tracking the info from the start. See this relevant white paper: http://www.ententesoftware.com/documents/PlanningVsScanning.pdf.